spring-cloud-starter-netflix-eureka-client:4.1 has vulnerability with dependency commons-jxpath:1.3 #4341
Labels
dependencies
Pull requests that update a dependency file
Comments
|
|
ziad-saade
changed the title
|
Hello, @ziad-saade, thanks for reporting the issue. This is a transitive dependency provided by an external repo: https://github.com/Netflix/netflix-commons. There's no higher version of Netflix/Eureka that we could upgrade to. We can't also provide a fix for Netflix/Eureka, since no higher version of Netflix/netflix-commons is available. The users can exclude the dependency on their end. Please create an issue in Netflix/netflix-commons and link here. We'll upgrade once an upgraded version is made available. |
OlgaMaciaszek
added
dependencies
|
Thanks you @OlgaMaciaszek for your reply, below link to the issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: